Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Internal Port Sweep Explaination.

Created: 20 Jun 2011 | 4 comments

My name is Thomas Moore and I new to Symantec and I am new to Symantec. Can you explain this to me

Internal IP address 12.345.67.89 has attempted to connect to port 80 on at least 10 different hosts within 300 seconds.

What does this mean and how to go by that?? Thanks in advance.

Discussion Filed Under:

Comments 4 CommentsJump to latest comment

Thomas K's picture

What is the role of 12.345.67.89? Are there any shared applications being used from that client? If not, that system (12.345.67.89) may be infected and is trying to spread a worm.

Make sure that system has the latest definitions and run a full scan in Safe-mode. make sure that the OS is up to date and all security patches are installed.You might want to go to that client and run  the Power Eraser or SERT utility to check for infection.

PE - http://www.symantec.com/business/support/index?pag...

SERT - http://www.symantec.com/business/support/index?pag...

deepak.vasudevan's picture

Dear Thomas,

I think it should be a a confirmed malware infection. Because 12. is an Internet IP address of a reputed brand (as illustrated in the attachment). The malware is supposedly involving in a IP-spoofing.

ip.png
Thomas K's picture

thomasmore23, I guess I need glasses, because I missed the fact that that IP address is invalid. Have you run the tools suggested  to scan for malware?

thomasmoore23's picture

Yes the Symantec Power Eraser

                      _____________________________
         
 Thomas Moo